The rapid development of Artificial Intelligence (AI) technology has enabled the deployment
of various systems based on it. However, many current AI systems are found vulnerable to …

The outstanding performance of deep neural networks has promoted deep learning
applications in a broad set of domains. However, the potential risks caused by adversarial …

Adversarial examples have attracted significant attention in machine learning, but the
reasons for their existence and pervasiveness remain unclear. We demonstrate that …

We identify a trade-off between robustness and accuracy that serves as a guiding principle
in the design of defenses against adversarial examples. Although this problem has been …

We show that there may exist an inherent tension between the goal of adversarial
robustness and that of standard generalization. Specifically, training robust models may not …

With rapid progress and significant successes in a wide spectrum of applications, deep
learning is being applied in many safety-critical environments. However, deep neural …

We propose an intriguingly simple method for the construction of adversarial images in the
black-box setting. In constrast to the white-box scenario, constructing black-box adversarial …

Abstract Machine learning models are often susceptible to adversarial perturbations of their
inputs. Even small perturbations can cause state-of-the-art classifiers with high" standard" …

Defenses against adversarial examples, such as adversarial training, are typically tailored to
a single perturbation type (eg, small $\ell_\infty $-noise). For other perturbations, these …

Current methods for training robust networks lead to a drop in test accuracy, which has led
prior works to posit that a robustness-accuracy tradeoff may be inevitable in deep learning …